IRC log of crypto on 2012-06-11

Timestamps are in UTC.

18:53:18 [RRSAgent]
RRSAgent has joined #crypto
18:53:18 [RRSAgent]
logging to http://www.w3.org/2012/06/11-crypto-irc
18:54:04 [wtc]
wtc has joined #crypto
18:54:43 [virginie_galindo]
Chair: Virginie Galindo
18:55:00 [hhalpin]
Zakim, pick a scribe
18:55:00 [Zakim]
sorry, hhalpin, I don't know what conference this is
18:55:05 [hhalpin]
Zakim, this is Crypto
18:55:05 [Zakim]
sorry, hhalpin, I do not see a conference named 'Crypto' in progress or scheduled at this time
18:55:42 [JimD]
JimD has left #crypto
18:55:44 [vgb]
vgb has joined #crypto
18:56:32 [emily]
emily has joined #crypto
18:56:49 [hhalpin]
Zakim, this is SEC_WebCryp
18:56:49 [Zakim]
hhalpin, I see SEC_WebCryp()3:00PM in the schedule but not yet started. Perhaps you mean "this will be SEC_WebCryp".
18:56:56 [hhalpin]
Zakim, this will be SEC_WebCryp
18:56:56 [Zakim]
ok, hhalpin; I see SEC_WebCryp()3:00PM scheduled to start in 4 minutes
18:57:32 [Zakim]
SEC_WebCryp()3:00PM has now started
18:57:41 [Zakim]
+ +33.6.13.23.aaaa
18:58:00 [hhalpin]
agenda+ Welcome
18:58:06 [hhalpin]
agenda+ Survey about API
18:58:16 [hhalpin]
agenda+ Use-cases
18:58:20 [hhalpin]
agenda+ Technical Discussion
18:58:21 [Zakim]
+ +1.707.799.aabb
18:58:29 [hhalpin]
agenda+ Group Logistics
18:58:38 [hhalpin]
Zakim, pick a scribe
18:58:38 [Zakim]
Not knowing who is chairing or who scribed recently, I propose virginie_galindo
18:58:41 [hhalpin]
Zakim, pick a scribe
18:58:41 [Zakim]
Not knowing who is chairing or who scribed recently, I propose virginie_galindo
18:58:43 [hhalpin]
Zakim, pick a scribe
18:58:43 [Zakim]
Not knowing who is chairing or who scribed recently, I propose virginie_galindo
18:58:58 [Zakim]
+Wendy
18:58:58 [Zakim]
+ +1.773.939.aacc
18:59:37 [JimD]
JimD has joined #crypto
18:59:37 [Zakim]
+John_Aberdeen
18:59:51 [Zakim]
+[Microsoft]
19:00:05 [vgb]
Zakim, [Microsoft] is me
19:00:05 [Zakim]
+vgb; got it
19:00:09 [hhalpin]
Zakim, what's the code?
19:00:09 [Zakim]
the conference code is 27978 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), hhalpin
19:00:19 [Zakim]
+ +1.650.214.aadd
19:00:44 [wseltzer]
zakim, aadd is Google
19:00:44 [Zakim]
+Google; got it
19:01:58 [Zakim]
+[Microsoft]
19:02:02 [ddahl]
thanks wseltzer
19:02:14 [Zakim]
+ +1.408.540.aaee
19:02:15 [Zakim]
+ +1.512.257.aaff
19:02:24 [MitchZ]
MitchZ has joined #crypto
19:02:37 [emily]
zakim, aabb is emily
19:02:38 [Zakim]
+emily; got it
19:02:56 [Zakim]
+??P13
19:02:58 [Karen]
Karen has joined #crypto
19:03:02 [hhalpin]
Zakim, ??P13 is hhalpin
19:03:08 [Zakim]
+hhalpin; got it
19:03:14 [MitchZ]
Netflix on area code 408
19:03:23 [Zakim]
+??P14
19:03:24 [hhalpin]
Zakim, who is on the phone?
19:03:24 [Zakim]
On the phone I see virginie_galindo, emily, ddahl, Wendy, Jim_Davenport, vgb, Google, [Microsoft], +1.408.540.aaee, +1.512.257.aaff, hhalpin, ??P14
19:03:24 [Zakim]
Google has rsleevi, wtc
19:03:24 [Zakim]
[Microsoft] has Mike_Jones
19:03:30 [hhalpin]
Zakim, pick a scribe
19:03:30 [Zakim]
Not knowing who is chairing or who scribed recently, I propose +1.512.257.aaff
19:04:41 [Channy]
zakim, Channy is channy_yun
19:04:41 [Zakim]
sorry, Channy, I do not recognize a party named 'Channy'
19:04:47 [wseltzer]
Some good scribe instructions, for further reference: https://www.w3.org/2008/xmlsec/Group/Scribe-Instructions.html
19:04:50 [MitchZ]
zakim aaee is Netflix
19:04:52 [hhalpin]
scribe: Karen
19:05:12 [Karen]
Harry: help scribe
19:05:34 [rsleevi]
rsleevi has joined #crypto
19:05:48 [virginie_galindo]
Zakim, who is on the phone?
19:05:48 [Zakim]
On the phone I see virginie_galindo, emily, ddahl, Wendy, Jim_Davenport, vgb, Google, [Microsoft], Netflix, Karen, hhalpin, ??P14
19:05:51 [Zakim]
Google has rsleevi, wtc
19:05:51 [Zakim]
[Microsoft] has Mike_Jones
19:05:51 [Zakim]
Netflix has MitchZ
19:06:45 [JimD]
zakim, who is talking
19:06:45 [Zakim]
I don't understand 'who is talking', JimD
19:06:55 [JimD]
there is some command to see who is talking
19:07:03 [hhalpin]
Zakim, who is making noise?
19:07:23 [Zakim]
hhalpin, listening for 11 seconds I could not identify any sounds
19:07:35 [sdurbha]
sdurbha has joined #crypto
19:07:41 [markw]
markw has joined #crypto
19:08:17 [Zakim]
+??P18
19:08:29 [ddahl]
Channy: are you on the phone?
19:08:30 [wseltzer]
Channy, are you on the phone or just IRC?
19:08:31 [hhalpin]
Zakim, scribenick Karen
19:08:31 [Zakim]
I don't understand 'scribenick Karen', hhalpin
19:08:49 [hhalpin]
scribenick: Karen
19:09:05 [sdurbha]
p18 sdurbha
19:09:10 [Zakim]
+ +1.978.936.aagg
19:09:14 [wseltzer]
zakim, p18 is sdurbha
19:09:14 [Zakim]
sorry, wseltzer, I do not recognize a party named 'p18'
19:09:19 [wseltzer]
zakim, ??p18 is sdurbha
19:09:19 [Zakim]
+sdurbha; got it
19:09:22 [hhalpin]
Zakim, ??P18 is sdurbha
19:09:22 [Zakim]
I already had ??P18 as sdurbha, hhalpin
19:09:30 [Channy]
ddahl, just IRC
19:09:32 [wseltzer]
zakim, aagg is pgladstone
19:09:32 [Zakim]
+pgladstone; got it
19:09:38 [ddahl]
Channy: thx
19:09:39 [PhilipG]
PhilipG has joined #crypto
19:10:04 [hhalpin]
agenda?
19:10:05 [Karen]
Virginie: agenda
19:10:20 [wseltzer]
-> http://lists.w3.org/Archives/Public/public-webcrypto/2012Jun/0043.html
19:10:57 [Karen]
Other topics?
19:11:20 [hhalpin]
Zakim, who's on the phone?
19:11:20 [Zakim]
On the phone I see virginie_galindo, emily, ddahl, Wendy, Jim_Davenport, vgb, Google, [Microsoft], Netflix, Karen, hhalpin, ??P14, sdurbha, pgladstone
19:11:23 [Zakim]
Google has rsleevi, wtc
19:11:23 [Zakim]
[Microsoft] has Mike_Jones
19:11:23 [Zakim]
Netflix has MitchZ
19:14:15 [tl1]
tl1 has joined #crypto
19:15:35 [wseltzer]
Present +David_Hooley
19:16:03 [virginie_galindo]
http://www.w3.org/2012/06/04-crypto-minutes.html
19:16:16 [Karen]
Virginie: previous minutes http://www.w3.org/2012/06/04-crypto-minutes.html
19:16:18 [hooley]
hooley has joined #crypto
19:16:42 [hhalpin]
PROPOSAL: accept http://www.w3.org/2012/06/04-crypto-minutes.html as minutes for the previous meeting, any objections?
19:16:44 [Karen]
Harry: as long as no one object, it is approved
19:16:55 [hhalpin]
RESOLVED: accepted http://www.w3.org/2012/06/04-crypto-minutes.html as minutes for the previous meeting.
19:17:16 [Karen]
Virginie: take way does not replace minutes
19:17:28 [wseltzer]
zakim, take up agendum 2
19:17:28 [Zakim]
agendum 2. "Survey about API" taken up [from hhalpin]
19:17:42 [virginie_galindo]
http://www.w3.org/2012/webcrypto/wiki/SurveyAnalysis
19:17:42 [ddahl]
http://www.w3.org/2012/webcrypto/wiki/SurveyAnalysis
19:17:53 [hhalpin]
topic: Survey about API
19:18:02 [Karen]
David presents summary
19:18:37 [Karen]
David: most want low level api
19:18:53 [Karen]
david: we will figure out what does that mean
19:19:10 [Karen]
david: one of question does not worded well - who will use api
19:19:40 [Karen]
david: main answer: web app users
19:20:10 [Karen]
david: main activities will be messaging, chatting, signature behind it
19:20:40 [Karen]
david: a good set of data. we can get more answers as we go alone. please read through raw data
19:20:51 [Karen]
virginie: thank you David for the efforts
19:20:59 [wseltzer]
s/alone/along/
19:20:59 [Karen]
virginie: any comments?
19:21:04 [sdurbha]
q+
19:21:07 [hhalpin]
q+
19:21:15 [vgb]
q+
19:21:53 [Karen]
sdurbha: emails seem to want high level api
19:22:24 [Karen]
david: there are still discussions on what that means high or low level api
19:22:49 [Karen]
david: I think low level is better so we can implement more func and follow standard
19:22:59 [Karen]
david: high level api can be built on top
19:23:45 [Karen]
harry: messaging and chatting on top is surprising.
19:23:47 [wtc]
q+
19:24:17 [rsleevi]
q+
19:24:24 [Karen]
vgb: what is not clear - how people think this api with relation to tls
19:24:38 [Karen]
vgb: an addition?
19:24:50 [Karen]
vgb: to implement tls in browser?
19:25:15 [Karen]
virginie: one feature - for web app to manage their security
19:25:30 [hhalpin]
I'm pretty sure we are NOT going to replace TLS :)
19:25:31 [Karen]
virginie: feature 2: tracking tls session
19:25:53 [ddahl]
vgb: I don't think people want to be able to implement all of TLS, however, I think they do want to be able to secure and sign data before this data is pushed to the wire
19:26:05 [ddahl]
wtc: rsleevi: got it! thanks!
19:26:07 [Karen]
p1: ryan and I will contact david later in design api
19:26:15 [wseltzer]
s/p1/wtc/
19:26:23 [Karen]
david: use cases are not to replace tls
19:26:23 [hhalpin]
I imagine we are going to add some functions that let people sign and encrypt some parts of the DOM dynamically using a few cross-browser methods.
19:27:00 [Karen]
david: using secure messaging as an example - three persons involved
19:27:22 [ddahl]
Karen: that is rsleevi :)
19:27:23 [Karen]
david: bob and alice may be two users using carol's service
19:27:49 [Karen]
sorry
19:28:03 [Karen]
rsleevi: tls is only suited for two people talking
19:28:10 [Zakim]
rsleevi, you wanted to respond
19:28:45 [Karen]
virginie: to leverage what david said, we should focus on low level api first
19:29:00 [Karen]
virginie: allow developers to control the operations
19:29:00 [Zakim]
-[Microsoft]
19:29:17 [Karen]
virginie: we can work on high level later
19:29:19 [sdurbha]
+1
19:29:20 [rsleevi]
+1
19:29:21 [hhalpin]
+1
19:29:23 [JimD]
+1
19:29:24 [Karen]
+1
19:29:26 [ddahl]
+1
19:29:28 [hhalpin]
PROPOSAL: Start with low-level
19:29:28 [vgb]
+1
19:29:29 [emily]
+1
19:29:33 [wtc]
+1
19:29:35 [wseltzer]
+1
19:29:49 [hhalpin]
RESOLUTION: Start with low-level API, then focus on high-level API
19:30:11 [Karen]
Virginie: a3 use cases
19:30:16 [wseltzer]
zakim, take up agendum 3
19:30:16 [Zakim]
agendum 3. "Use-cases" taken up [from hhalpin]
19:30:17 [hhalpin]
Zakim, next agendum
19:30:17 [Zakim]
agendum 3 was just opened, hhalpin
19:30:22 [hhalpin]
topic: Use-cases
19:30:38 [wseltzer]
-> http://www.w3.org/2012/webcrypto/wiki/Use_Cases
19:31:09 [Karen]
virginie: channy has updated the use cases http://www.w3.org/2012/webcrypto/wiki/Use_Cases
19:31:26 [Karen]
virginie: channy has updated use cases
19:31:32 [Channy]
Use-cases on wiki were gathered from mailinglist and commnutiy group. It was classified by charter goals. Please feel free to edit by anyone.
19:32:13 [hhalpin]
Any volunteers?
19:32:18 [ddahl]
virginie_galindo: I can help you
19:32:33 [Karen]
virginie: make sure we don't put complicated use cases in the primary features
19:32:55 [wseltzer]
ACTION: Add use-cases from the survey to the wiki
19:33:07 [Channy]
I think it may be rearranged by low-level and high-level.
19:33:07 [Karen]
virginie: use case: validated document
19:33:59 [Karen]
http://lists.w3.org/Archives/Public/public-webcrypto/2012Jun/0022.html
19:34:43 [Zakim]
-hhalpin
19:34:45 [Karen]
document sent by ?
19:34:51 [JimD]
q+
19:35:14 [Karen]
p1: tls proxy is a fact
19:35:30 [wseltzer]
PhilipG: Defense in depth, accepting that TLS proxies are a fact of life, and provide security in the face of those.
19:35:39 [wseltzer]
s/p1/PhilipG/
19:36:20 [Karen]
philip: it is possible for a client to authenticate even if there is tls proxy
19:36:47 [Karen]
ryan: I am concerned that entire web security model is built on tls
19:37:24 [harry]
harry has joined #crypto
19:37:25 [Karen]
ryan: don't know any browser can guarantee the security even with the defense in depth
19:37:50 [harry]
Zakim, what's the code?
19:37:50 [Zakim]
the conference code is 27978 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), harry
19:38:02 [Karen]
virginie: philip you can write down the use case
19:38:19 [Zakim]
+??P10
19:38:22 [Karen]
philip: I am not sure it is relevant
19:38:24 [harry]
Zakim, ??P10 is harry
19:38:24 [Zakim]
+harry; got it
19:38:41 [Karen]
philip: I will write it down anyway
19:39:00 [Karen]
virginie: any suggestions on use cases?
19:39:05 [harry]
q?
19:39:16 [Karen]
Jim: a lot of discussions on smart card
19:39:35 [Karen]
jim: we might want to create an abstraction on hardware devices
19:39:40 [harry]
q+
19:39:50 [harry]
q-
19:40:00 [Karen]
jim: we want to make sure the api we create can support hardware devices
19:40:03 [harry]
Zakim, agenda?
19:40:03 [Zakim]
I see 5 items remaining on the agenda:
19:40:05 [Zakim]
1. Welcome [from hhalpin]
19:40:05 [Zakim]
2. Survey about API [from hhalpin]
19:40:05 [Zakim]
3. Use-cases [from hhalpin]
19:40:05 [Zakim]
4. Technical Discussion [from hhalpin]
19:40:05 [Zakim]
5. Group Logistics [from hhalpin]
19:40:17 [harry]
Zakim, next agendum
19:40:17 [Zakim]
agendum 1. "Welcome" taken up [from hhalpin]
19:40:22 [Karen]
virginie:topics: draft api
19:40:32 [harry]
topic: draft API
19:40:34 [wseltzer]
zakim, take up agendum 4
19:40:34 [Zakim]
agendum 4. "Technical Discussion" taken up [from hhalpin]
19:41:09 [Karen]
virginie: 14min to discuss technical topics
19:41:37 [Karen]
David: latest update is section 7
19:41:53 [virginie_galindo]
http://www.w3.org/2012/webcrypto/WebCryptoAPI/
19:41:54 [Karen]
david: added link to JWA (json algorithms)
19:42:12 [Karen]
david: we will benefit to use same identifiers as jwa
19:42:24 [harry]
+1 re-using identifers from JOSE WG
19:42:24 [Karen]
david: updated examples in the strawman
19:42:32 [virginie_galindo]
s/14min/40min/
19:42:43 [ddahl]
http://www.w3.org/2012/webcrypto/WebCryptoAPI/#algorithms
19:42:50 [rsleevi]
+1 to the re-use
19:43:00 [Karen]
virginie: thank you for the work
19:43:36 [Karen]
david: try to begin proposal on key identifier
19:44:01 [Karen]
david: we might want to add some meta data on key identifier
19:44:38 [Karen]
virginie: proposal GUID from mitch
19:44:46 [Karen]
virginie: will we reuse?
19:44:56 [virginie_galindo]
http://lists.w3.org/Archives/Public/public-webcrypto/2012Jun/0015.html
19:44:58 [rsleevi]
q+
19:45:04 [Karen]
david: that's an ideal way to identity key
19:45:23 [wtc]
q+
19:46:07 [Karen]
ryan: concern: will two users of two different sites have same or different GUID? if the same, it is possible to track user
19:46:30 [Karen]
ryan: I like the string id, which may not have this concern
19:47:10 [Karen]
ryan: example: netflex.p1
19:47:12 [ddahl]
rsleevi: I think the JOSE WG has examples like that - origin + sequence number
19:47:39 [Karen]
p1: agree with ryan
19:47:50 [wseltzer]
s/p1/wtc/
19:48:00 [Karen]
p1: the goal is to unique identify the key so that it can be revoked
19:48:06 [MitchZ]
q+
19:48:42 [Karen]
wtc: hash of a secret key may accomplish the goal of identify the key without reveal the key
19:48:49 [harry]
q+
19:49:24 [Karen]
mitch: privacy concern is the one we share.
19:49:46 [Karen]
mitch: the uuid or hash may reveal too much
19:50:54 [MitchZ]
q-
19:51:12 [Karen]
mitch: we don't need to build all use cases but need to discuss the privacy concern
19:51:12 [harry]
ack harry
19:51:35 [ddahl]
i may be wrong, but the JOSE WG seems to not require any kind of specific id except that it is a string
19:52:56 [Karen]
harry: charter is very clear that we don't want to mandate a particular key identifier scheme
19:53:18 [rsleevi]
The question seems less to do with key identification, and more about key discovery
19:53:25 [Karen]
virginie: we need to name the key in order to handle it
19:53:28 [rsleevi]
Key identification serves as a means of key discovery, but is not the only one
19:53:31 [harry]
i.e also the discovery of the properties of the key
19:53:47 [harry]
which is different than sticking all the properties in its idenfication scheme
19:54:12 [Karen]
virginie: a need for the editors to come out a proposal
19:54:44 [Karen]
virginie: on key identifier.
19:55:00 [Karen]
david: Ryan and others have given feedback
19:55:21 [Karen]
david: enumeration of propertities
19:55:42 [ddahl]
virginie_galindo: +1
19:55:44 [rsleevi]
+1
19:55:46 [Karen]
virginie: it is important and part of the design api
19:56:06 [Karen]
david: will share tomorrow or next day
19:56:42 [Karen]
virginie: next topic: discovery mechanism
19:57:23 [Karen]
virginie: netflex proposal? how to discovery key?
19:57:25 [rsleevi]
q+
19:57:33 [virginie_galindo]
http://lists.w3.org/Archives/Public/public-webcrypto/2012Jun/0030.html
19:57:34 [Karen]
david: no conclusion yet
19:57:45 [Karen]
ryan: do conclusion yet
19:58:14 [Karen]
ryan: need to consider mitch example where a particular key can only be used for a particular purpose case, mode etc
19:58:49 [Karen]
ryan: also need to consider more general use case that the key can be used in more cases
19:58:53 [MitchZ]
Just to throw one more oddball use case out there: we have seen one case of a single keytext block inside of hardware used as any of: DES, 3DES, 2DES (!), and AES-128 algorithms
19:58:57 [MitchZ]
I believe this is unusual, though
19:59:19 [Karen]
ryan: need to design api that can balance these cases
19:59:22 [MitchZ]
and could be handled by simply mapping the single keytext block to several different keys
19:59:30 [ddahl]
also, I have been re-reading all of the latest JOSE JWK specs to help inform this discussion
19:59:40 [MitchZ]
but, cipher mode, padding, etc. may really be limited on a key-by-key basis
19:59:52 [Karen]
virginie: we need to build and write down the api
20:00:08 [Karen]
virginie: expect other participants to help
20:00:23 [Karen]
virginie: next topic: smart card discussion - lot of exchanges
20:00:44 [Karen]
virginie: our charter - we should not put anything specific to smart card
20:00:57 [Karen]
virginie: many use cases that need smart card
20:01:08 [Karen]
virginie: we need to find some ways to handle this
20:01:17 [harry]
we don't want to bake in device-specific API features, but maybe we can do those use-cases with right level of abstraction.
20:01:26 [rsleevi]
q+
20:01:29 [JimD]
use cases should not EXCLUDE smart cards explicitly; however, I agree that we may need to create an abstraction for the use of smart cards or other hardware-based devices
20:01:30 [Karen]
virginie: may be we can have a round table to discuss this
20:01:30 [wtc]
q+
20:01:35 [sdurbha]
q+
20:02:07 [Karen]
ryan: I have no objection to smart card, but have concern on security model
20:02:10 [vgb]
q+
20:02:29 [Karen]
ryan: don't believe any website can benefit from know smart card
20:02:49 [Karen]
ryan: a client having keys stored in smart card is fine
20:02:57 [PhilipG]
q+
20:03:23 [Karen]
ryan: we should not have anything specific to smart card
20:03:32 [harry]
+1 keys stored in smart card
20:03:40 [harry]
i.e. think of it as another container
20:04:06 [Karen]
Chan: I believe all use cases can be met by windows.cypto
20:04:20 [rsleevi]
Karen: s/Chan/wtc/
20:04:48 [JimD]
a browser-specific solution doesn't seem to be a good answer
20:06:09 [Karen]
sdurbha: there are javascript api's that support crypto, but it is not possible to securely transfer keys.
20:06:10 [rsleevi]
sdurbha: As an alternative for/enhancement of <keygen>, correct?
20:06:32 [Karen]
sdurbha: smart card support for keys is very appealing
20:06:45 [sdurbha]
rsleevi, correct
20:06:57 [Karen]
virginie: provisioning of the key is out of the scope
20:07:25 [Karen]
vgb: use case of key management
20:07:26 [Channy]
@JimD, a browser can use standard as like Firefox's impl. http://en.wikipedia.org/wiki/Federal_Information_Processing_Standard
20:08:30 [Karen]
vgb: where does key come from: local storage - not relevant to SC; key exchange; you have a key that is sent by a out of band way
20:08:55 [Karen]
vgb: the service knows it is in a smart card because it gives to the card.
20:09:06 [JimD]
well said, vgb
20:09:20 [PhilipG]
+1
20:09:20 [JimD]
+1
20:09:23 [ddahl]
+1
20:09:27 [sdurbha]
+1
20:09:28 [harry]
+1
20:09:28 [rsleevi]
vgb: +1. I think the matter of smart cards is a matter of key discovery, largely
20:09:31 [Karen]
vgb: we don't need smart card support, but need to know it comes from. e.g. smart card
20:09:34 [virginie_galindo]
+1
20:09:34 [rsleevi]
vgb: -1 to key provisioning within smart cards :)
20:10:07 [MitchZ]
+1, but would aim for a target where the "smart card keys" are used in a way consistent with the "runtime created keys" or "preprovisioned keys"
20:10:11 [wtc]
q+
20:10:27 [MitchZ]
in other words, not necessarily "outside the sandbox" to get to the last part of your comment.
20:10:38 [Karen]
vgb: at the browser level - discover the key
20:11:22 [vgb]
MitchZ, I agree that the API should be consistent between the various types of keys
20:11:27 [Karen]
philip: provided that smart card portability of the key is a part of the use case
20:11:52 [virginie_galindo]
q+
20:11:52 [vgb]
my point was that we should allow the possibility of accessing keys that were not created/initally received within the browser
20:12:17 [Karen]
philip: the easy of use is an important factor
20:12:31 [harry]
hmmm...should we write a proposal/resolution here?
20:12:47 [rsleevi]
harry: wtc and I can take up an ACTION item to propose something
20:12:57 [vgb]
rsleevi - we're in violent agreement :)
20:13:04 [sdurbha]
:)
20:13:07 [Karen]
sorry, I didn't catch that
20:13:13 [vgb]
I have a half-composed email draft on this, will send out ot email list today
20:13:23 [JimD]
Thanks, vgb
20:14:19 [harry]
VGB or Rsleevi, can you write *something* in IRC that captures in 1-3 sentences the precise proposal re the idea of accessing keys?
20:14:56 [Karen]
Virginie: vgb and ryan will propose something
20:14:58 [rsleevi]
harry: The browser should be agnostic as to the 'source' of the key - whether within the browser or outside
20:14:59 [harry]
ACTION: VGB and RSleevi to write a proposal and send to mailing list for approval next meeting
20:15:23 [vgb]
Basic proposal on key access: there are 3 families of use cases
20:15:40 [Karen]
virginie: next topic: group life
20:15:47 [vgb]
1. Ephemeral / local-only use, as for local encrypted storage
20:15:51 [wseltzer]
zakim, take up agendum 5
20:15:51 [Zakim]
agendum 5. "Group Logistics" taken up [from hhalpin]
20:15:59 [vgb]
2. Keys created through key exchange
20:16:07 [Karen]
virginie: f2f meeting - 24-25th of july
20:16:15 [vgb]
3. Keys that are distributed to parties and provisioned offline
20:16:19 [harry]
maybe do a quick go through in IRC to see who can come to those dates?
20:16:27 [Karen]
virginie: who will be ready to attend the meeting?
20:16:28 [wseltzer]
PROPOSAL: F2F July 24-25.
20:16:30 [ddahl]
+1
20:16:33 [Karen]
+1
20:16:35 [virginie_galindo]
+1
20:16:37 [rsleevi]
-1
20:16:40 [wtc]
+1
20:16:41 [JimD]
-1 on other travel that week
20:16:45 [harry]
+1 (assuming no conflict with IETF)
20:16:51 [emily]
-1 (unlikely to be able to attend any f2f)
20:17:01 [vgb]
The proposal is that while the API model should treat all these keys consistently as much as possible, it should also provide a discovery model for the 3rd class, since that is a special need for that class
20:17:10 [Karen]
+1 for Asad I guess
20:17:16 [wseltzer]
+1
20:17:17 [MitchZ]
+1
20:17:35 [MitchZ]
+1 for Mark Watson
20:17:37 [vgb]
+1
20:17:48 [Channy]
-1 (no sponsorship for travel :)
20:18:05 [ddahl]
rsleevi: will you be available for phone calls those days?
20:18:33 [rsleevi]
ddahl: I wouldn't trust my phone where I'm going to be (Black Hat Briefings) ;-)
20:18:41 [Karen]
virginie: location?
20:18:45 [ddahl]
rsleevi: ah, thanks
20:19:16 [Karen]
virginie: any problem moving to silicon valley?
20:20:18 [Karen]
David: we can accomodate at mountain view office
20:20:35 [harry]
RESOLVED: Meeting 24-25th in Vancouver ala poll
20:20:41 [Karen]
virginie: thank you all.
20:20:57 [harry]
Meeting Adjourned
20:21:06 [wseltzer]
Meeting: WebCrypto Working Group
20:21:07 [harry]
RRSAgent, generate minutes
20:21:07 [RRSAgent]
I have made the request to generate http://www.w3.org/2012/06/11-crypto-minutes.html harry
20:21:14 [Zakim]
-vgb
20:21:14 [Karen]
you are welcome. Sorry for missing some points
20:21:15 [Zakim]
-pgladstone
20:21:17 [Zakim]
-emily
20:21:18 [Zakim]
-sdurbha
20:21:18 [Zakim]
-??P14
20:21:19 [Zakim]
-Netflix
20:21:19 [Zakim]
-ddahl
20:21:20 [Zakim]
-Google
20:21:21 [wseltzer]
zakim, list participants
20:21:21 [Zakim]
As of this point the attendees have been +33.6.13.23.aaaa, +1.707.799.aabb, virginie_galindo, Wendy, +1.773.939.aacc, Jim_Davenport, vgb, +1.650.214.aadd, rsleevi, wtc, ddahl,
20:21:24 [Zakim]
... +1.408.540.aaee, +1.512.257.aaff, Mike_Jones, emily, hhalpin, Karen, MitchZ, +1.978.936.aagg, sdurbha, pgladstone, markw, harry
20:21:27 [Zakim]
-Jim_Davenport
20:21:28 [Zakim]
-Wendy
20:21:33 [Zakim]
-virginie_galindo
20:21:37 [hooley]
hooley has left #crypto
20:21:53 [harry]
Karen, if you can send this link the mailing list for review: https://www.w3.org/2012/06/11-crypto-minutes.html
20:21:58 [Zakim]
-harry
20:22:04 [Zakim]
-Karen
20:22:05 [Zakim]
SEC_WebCryp()3:00PM has ended
20:22:05 [Zakim]
Attendees were +33.6.13.23.aaaa, +1.707.799.aabb, virginie_galindo, Wendy, +1.773.939.aacc, Jim_Davenport, vgb, +1.650.214.aadd, rsleevi, wtc, ddahl, +1.408.540.aaee,
20:22:05 [Zakim]
... +1.512.257.aaff, Mike_Jones, emily, hhalpin, Karen, MitchZ, +1.978.936.aagg, sdurbha, pgladstone, markw, harry
20:22:52 [wseltzer]
present+ virginie_galindo, Wendy, Jim_Davenport, vgb, rsleevi, wtc, ddahl, Mike_Jones, emily,
20:23:12 [wseltzer]
present+ hhalpin, Karen, MitchZ, sdurbha, pgladstone, markw,
20:23:20 [wseltzer]
rrsagent, make minutes
20:23:20 [RRSAgent]
I have made the request to generate http://www.w3.org/2012/06/11-crypto-minutes.html wseltzer
20:23:39 [PhilipG]
PhilipG has left #crypto
20:24:07 [wseltzer]
RRSAgent, make log public
20:24:11 [wseltzer]
rrsagent, bye
20:24:11 [RRSAgent]
I see 2 open action items saved in http://www.w3.org/2012/06/11-crypto-actions.rdf :
20:24:11 [RRSAgent]
ACTION: Add use-cases from the survey to the wiki [1]
20:24:11 [RRSAgent]
recorded in http://www.w3.org/2012/06/11-crypto-irc#T19-32-55
20:24:11 [RRSAgent]
ACTION: VGB and RSleevi to write a proposal and send to mailing list for approval next meeting [2]
20:24:11 [RRSAgent]
recorded in http://www.w3.org/2012/06/11-crypto-irc#T20-14-59